Welcome to the Wireguard - AdGuard - Unbound project, a comprehensive Docker Compose setup designed for robust network security and privacy. This repository includes configurations for AdGuard Home, Unbound, and WireGuard via WG-Easy.
- AdGuard Home: Blocks ads and trackers and provides web filtering and parental controls.
- Unbound: Validates, caches, and recursively resolves DNS queries, supporting DNSSEC.
- WireGuard via WG-Easy: Offers a modern, fast VPN with top-notch cryptography.
This setup provides:
- Network-level ad and tracker blocking.
- DNS query encryption for added security.
- VPN for secure and private internet access.
- Installed Docker and Docker Compose.
- Basic knowledge of DNS, Docker, and VPN concepts.
- A host machine with a static IP or a configured DNS resolver.
-
Clone the Repository
git clone https://github.com/wireguard-adguard-unbound
-
Navigate to the Project Directory
cd wireguard-adguard-unbound -
Update Essential Variables
Update these essential variables in the
docker-compose.yml:WG_HOST: Your public IP address.PASSWORD: A secure password for WireGuard.
-
Deploy the Services
docker-compose up -d
- Access the AdGuard Home web panel at
http://<host_ip>:3000. - Access the WG-Easy web panel at
http://<host_ip>:51821.
To make full use of root DNS servers for DNS resolution, ensure to set both the Upstream DNS servers and Bootstrap DNS servers in your AdGuard Home or system settings to 127.0.0.1:5053. This will route your DNS queries to Unbound, which is configured to leverage root DNS servers for DNS lookups.
- Upstream DNS Servers: Set this to
127.0.0.1:5053to use root DNS servers. - Bootstrap DNS Servers: Also set this to
127.0.0.1:5053for the same reason. By setting both the Upstream and Bootstrap DNS servers to127.0.0.1:5053, you ensure that all DNS queries are securely and accurately resolved using the root DNS servers.
AdGuard Home configuration files in ./adguard/opt-adguard-conf.
Unbound configurations in ./unbound.
WG-Easy configurations in ~/.wg-easy.